WinVerifyTrust Errors Within the Dell Data Security Console -Logs

Affected Products:

• Dell Encryption Enterprise
• Dell Encryption Personal
• Dell Software-based Full Disk Encryption
• Dell Self-Encrypting Drive Management
• Dell BitLocker Manager
• Dell Endpoint Security Suite Enterprise

Affected Operating Systems:

• Windows

During device registration or activation, an error may be seen in the DellAgent.log files of:

exception validating trust for executing assembly - WinVerifyTrust returned 0x800b0109
Or
E Agent : exception validating trust for entry assembly - WinVerifyTrust returned 0x80096005 for signature index 1

These errors are stating that the signing certificate that is used for the Dell Encryption Management Agent is not able to be properly validated through either CRL or cross-signature checks.

Not Applicable

Microsoft offers the ability to automatically update all trusted certificate authorities. This functionality has a group policy object that is tied to it that may be disabled in an environment.

This policy object can be found at:

• Computer Configuration > Administrative Templates > System > Internet Communication Management and click Internet Communication Settings > Turn off Automatic Root Certificates Update

Setting this policy to Enabled prevents Windows Update from pulling Microsoft-validated root certificate authorities. Setting this policy to Disabled allows for Microsoft-validated root certificate authorities to automatically be updated through Windows Update.

This policy object within Group Policy is present by default in Windows 10 version 1511 (November 2015 update) or later. For Operating Systems before this release, a Windows Update is required for this process to function properly. These OS-specific updates can be found at Microsoft's KB article 2813430, here:

https://support.microsoft.com/en-us/help/2813430

If disabling this policy is not possible within your environment, manually adding the following Certificates allow for the signature validation to pass. As of Dell Encryption 10.0 or Dell Endpoint Security Suite Enterprise 2.0, the current Root Certificates that are required are:

• Verisign Root Authority

thumbprint: 3679ca35668772304d30a5fb873b0fa77bb70d54

• DigiCert HA Root

Thumbprint: 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.